I must admit, we have never tried authenticating NConf with MS AD.
The "ldap" authentication module is intended for a pam_ldap / nss_ldap compliant structure (DIT) as used for Unix systems. The structure should consist of two different trees, one for users and one for groups:

uid=john,ou=People,dc=mydomain,dc=com
ou=Group,dc=mydomain,dc=com

I guess if your AD meets these requirements and if it is LDAPv3 compliant, then authentication should work. But it has never been tested by us. I'm not sure how the user / group matching is done in AD.

The "<username>" is a placeholder; it's what NConf will replace with the username that you enter when you authenticate. You should leave it as default, just make sure the placeholder is in the proper position within the user DN:

uid=<username>,ou=People,dc=mydomain,dc=com ("<username>" will be replaced by "john")

OK, now it is solved: using ADS LDAP from Windows works.
I asked a Nagios consultant who has been working for us these last weeks, and he was so kind as to check it out, and he gave me a solution.
He told me that it's not so flexible because of some new LDAP options, but for us it will work. Maybe you could take it and improve it,
so that it is more flexible and not so static in the case of USERS_DN. I will only post the changes he has made:

Maybe you can use it to develop more flexible code and let users choose whether they use OpenLDAP or ADS LDAP. I hope it will be helpful,
and I want to say thank you for your great work!

greetz
mainbuzzb

agargiulo wrote: Hi.

I must admit, we have never tried authenticating NConf with MS AD.
The "ldap" authentication module is intended for a pam_ldap / nss_ldap compliant structure (DIT) as used for Unix systems. The structure should consist of two different trees, one for users and one for groups:

uid=john,ou=People,dc=mydomain,dc=com
ou=Group,dc=mydomain,dc=com

I guess if your AD meets these requirements and if it is LDAPv3 compliant, then authentication should work. But it has never been tested by us. I'm not sure how the user / group matching is done in AD.

The "<username>" is a placeholder; it's what NConf will replace with the username that you enter when you authenticate. You should leave it as default, just make sure the placeholder is in the proper position within the user DN:

uid=<username>,ou=People,dc=mydomain,dc=com ("<username>" will be replaced by "john")
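The "<username>" substitution described in this thread, as an added example that is not part of the original posts and not NConf's own code: it expands the user DN template while escaping the entered name per RFC 4514, so the typed username can only ever be the value of the uid RDN. The function names are hypothetical, and the empty-password check is an added assumption about how a caller would guard the bind.

```python
# Added example (not NConf code): expand a user DN template safely.
PLACEHOLDER = "<username>"
# Template taken from the thread above.
TEMPLATE = "uid=<username>,ou=People,dc=mydomain,dc=com"


def escape_rdn_value(value):
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)      # characters with meaning in a DN
        elif ch == "\x00":
            out.append("\\00")         # NUL must be hex-escaped
        elif ch == " " and i in (0, last):
            out.append("\\ ")          # leading or trailing space
        elif ch == "#" and i == 0:
            out.append("\\#")          # leading '#'
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(template, username):
    """Replace the placeholder with the escaped username."""
    if template.count(PLACEHOLDER) != 1:
        raise ValueError("template must contain <username> exactly once")
    if not username:
        raise ValueError("empty username")
    return template.replace(PLACEHOLDER, escape_rdn_value(username))


def prepare_bind(template, username, password):
    """Return (dn, password) for a simple bind, refusing unsafe input."""
    if not password:
        # A simple bind with a DN but no password is an "unauthenticated
        # bind" (RFC 4513); some servers accept it, so reject it up front.
        raise ValueError("empty password")
    return build_bind_dn(template, username), password


if __name__ == "__main__":
    print(build_bind_dn(TEMPLATE, "john"))
    # Constructed input: the comma is escaped and stays inside the uid value.
    print(build_bind_dn(TEMPLATE, "john,ou=Group"))
```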